How Is the AC2 DRM Better than Online Activation?

If you have been following the gaming news (or any tech news for that matter) you doubtlessly already know about the crazy new DRM scheme Ubisoft adopted for Assasin’s Creed 2 (also known as the game I will not be playing, ever). In case you have been living under a rock (and I don’t mind, rocks are awesome man) let me explain it to you. The game will basically continuously ping their server while you play. If at any time it finds itself unable to reach the server, it will immediately kick you out to the main menu without saving your progress. It is not only crazy, but also incredibly inconsiderate. It goes above and beyond any other DRM scheme I have ever seen to make the life of legitimate customer more difficult.

I am painfully aware that most gamers (present company excluded) does not give a shit about DRM. They just don’t care. As long as they can play their game they are not really bothered by stuff like online activation, hidden rootkits and all kinds of other interesting surprises. But this scheme might just be stupid enough to actually annoy even them. Let’s try to think about just a few scenarios in which you wouldn’t be able to play AC2:

While on a plane or a train

Whenever your internet connection goes down at the house

While on a flaky WiFi connection that fades in and out

While someone is using a microwave oven in the other room/apartment and you are on a low powered Wifi connection

While on a metered internet connection (and yes, some places still have those)

While in the armed forces (not guaranteed a constant internet connection where you are deployed)

While someone in your house is downloading a torrent which sucks the bandwidth dry

While your network suffers from a random hiccup

That last point is especially interesting, because it does happen. The internet is what it is, and strange anomalous hiccups happen all the time due to net congestion, routers going down and etc. That’s just part of how this internet thing works. And you usually won’t notice, because most internet technologies are built to deal with this crap. But every once in a while you run into something that does require constant, uninterrupted communication – for example VoIP telephony. It depends on how robust and fault tolerant your phones are, but sometimes when the hiccups are big enough, the calls just drop for no reason or the reception is garbled/stuttered. I don’t know how sensitive the AC2 DRM is, but since they are using is as a security feature, you can probably expect it to be a bit trigger happy. So on your average residential (ie. shitty) internet connection, you can probably expect it to be tripped off at least every once in a while for no reason whatsoever.

It is ha huge inconvenience to us, legitimate customers. The game puts limits on when and how we can play, and punishes us every time we lose a network signal. What I fail to see however is how this protects the game from pirates any better than a regular online activation. I really don’t see the benefit here.

I mean, if I was to pirate AC2 I would just go to my favorite torrent website and download a cracked version that has the “calling home” feature removed. It doesn’t seem like this particular DRM feature would be much more difficult to crack than anything else we have seen before. If it’s just a simple ping, or connection check then removal should be trivial. If on the other hand they are doing something more complex – for example exchanging time sensitive cryptographic keys every few seconds it might actually prove to be s bit more challenging and fun to crack.

Yes, I said fun because that’s what DRM is. It is a fun project hundreds of people around the world will be working on the second your game hits the shelves. And eventually they will get it, because DRM is fundamentally flawed concept. Encryption simply does not work that way.

Assassins Creed DRM will get cracked. It is inevitable.

I always explain it to my students this way: encryption is all about securing the communication between Bob and Alice in such a way that Even cannot intercept it. It always assumes there are 3 distinct parties involved – the sender (Bob), the recipient (Alice) and a bad guy who wants to spy on the other two (Eve). We usually do this by relying on some secret decryption keys that Bob and Alice have, but Eve does not. These key may be something akin to a password that Bob and Alice exchange when Eve is not around, or public/private key pairs. But it only works as long as Eve does not have the secret/private key. If the encryption algorithm was designed properly, the only thing Eve can hope for is to guess the right key. But if your key is complex enough there are usually billions of combinations she would have to try. In most cases, even a fastest super computer in existence testing dozens of keys per second wouldn’t be able to find the right one within Eve’s life time.

Unfortunately it so happens, that DRM covers a special class of encryption problems in which Alice and Eve are the same person. The legitimate recipient of the encrypted message is the same person who you are trying to protect the message from. So basically you can encrypt the message you are sending to Eve, but you also have to give her the decryption key. You can hide that key under another level of encryption, and make sure she can access it only in special circumstances. But if Eve is clever, she can snatch up the key as soon as the conditions are met for the first time and it becomes available, and then use it whenever she wants. So DRM is basically about splitting keys in parts, hiding it in clever ways, and requiring Eve to jump through hoops in order to get it. But ultimately there must be a chain of events that can be initiated by eve that will expose the key and decrypt the game so that she can play it. The security of the DRM therefore boils down to making this process so convoluted that Eve can’t follow it. Unfortunately Eve tends to be a very clever, and very determined person when she wants to be.

This is why DRM doesn’t work – because it can’t. Because every DRM scheme can be figured out by a clever cracker like a puzzle. They don’t have to brute force the decryption, or or try to break it. All they have to do is to find the hidden key. And they have been doing this for years now, so they have lots of practice. This is why self respecting cryptography experts stay away from DRM projects and leave them to be developed by either talentless hacks, or people who don’t know enough about cryptography to realize how futile their work is (actually, we can probably file these folks under talentless hacks as well).

AC2 DRM will be cracked – I am sure of that. I am willing to bed money on that. I have yet to see a game of this caliber to remain uncrackable for more than two weeks. It is inevitable.

I am just curious as to why they chose such a highly annoying method of authentication. If it’s just a simple “check in” procedure, then this whole system is almost criminally stupid because it does absolutely nothing. A legitimate game will continuously check in, unless the customer loses the internet connection at which point you assume he is a pirate and kick him off. A pirate copy will never check in, and work just fine. It makes no sense. If on the other hand they are doing something much more complex… Well, then they are just throwing money and man-hours out the window, because it will be cracked anyway.

I know why game companies use DRM – I get it. They do it so that they can pretend like they take steps to protect their intellectual property from pirates while the investors are looking. But you’d think that they would want to pick the most cost effective, least intrusive technology out there instead of all kinds of inventing new ways to inconvenience their paying customers. Valve knows this – and they actually made their DRM fun for customers by turning it into a social platform. Steam is like a gilded cage – it keeps you from doing what you want with the games you bought. But in exchange it gives you some fun features like achievements, ability to easily connect with your friends and etc.. Ubisoft however seems to take the opposite stance making their DRM as annoying, buggy and customer hostile as possible. I don’t know if you recall but not so long ago they created a DRM so thorough that no one was able to play their game at all – and they had to use an illegal scene crack to unlock people’s games.

I really don’t know why do people in game design keep failing so hard on the DRM front. It’s so fucking simple:

No one likes DRM

Everyone seems to love Steam

Steam is a DRM

Why the fuck are you trying to use something that is the anti-thesis of Steam?

I mean, there is a working model of a DRM that works. Use it. And if you don’t want to use it because you didn’t make it then at least try to learn from it. Saying that Steam or Steam like DRM is not strong enough is just silly. Steam doesn’t protect anything just like SecuROM doesn’t protect anything. The AC2 DRM will not protect anything either. DRM does not work, period. It doesn’t matter which system you use, because none of them can possibly work. So just pick the one that people don’t hate.

What do you think about the AC2 DRM?

Update: Few days after release, Ubisoft DRM servers go down. I sort of forgot about this in the post above – to support thousands of people playing the game at the same time you need a massive server power. That’s a tricky thing though, because servers and bandwidth cost money. If you buy lots of servers and the game is a dud, you are losing money. If you low ball it, something like this happens. People can’t play your game at all. But that’s ok, right. We are going to blame pirates for this, aren’t we?

18 Responses to How Is the AC2 DRM Better than Online Activation?

From what I’d heard, I thought the “exciting new feature” of the AC2 DRM was that your saved game is stored on their servers (being offered as a “get at your save from anywhere, by the magic of the cloud” type feature) that as a crazy side effect also boots you out of your game if it can’t contact them.

If my understanding is accurate, it is also saving temporarily on the local machine, but only enough to last between server-side saves (so you only need a semi-continuous connection, not an entirely uninterrupted one, as with MMOs)

Shifting the save/store part of the game to their own servers seems to be a control grab similar to that in an MMO – you can’t pirate what’s not on your machine, and you can’t just excise the server checks because they’re a necessary part of the game. Except that the part they’ve abstracted off isn’t the game itself, just your save, so there are still ways around it that wouldn’t be available in the MMO case.

Some clever type could put together an emulated server to run locally, then you just redirect their server requests to 127.0.0.1, or you could run the whole game under a hypervisor and save the whole state of the program to restore later (with the normal cracking methods used to snip out the server check).

And after a few years, they’ll shut down the servers with some lame excuse and the game will become unplayable. Or they’ll lose your data in a crash. With the thing being centralized, all it takes is the ‘human factor’ or a bit of bad luck… or a bug in their server software.

Oh, so they are trying to do what Steam has been doing for several years, only in the most horrible, anti-customer way possible. Steam does offer cloud save support for many of the games that it distributes but does it the right way – it allows you to play offline, and syncs up saves when possible.

And you are right – it shouldn’t be that hard to emulate the server. Or intercept the save locally. I mean, you would think that before the save data is sent over network it is dumped to disk somewhere – or at least exists somewhere in memory. All you need to do is to get that data to dump to disk locally and then fake the server communication. Then read it off the disk and inject it just after the fake server request and decryption.

Yep. This is true for all DRM with online component. They will shut down the servers eventually and they will most definitely not release a patch to allow you play the game once that happens. All the people who think this is not going to happen are delusional. Some companies will shut down the servers for games that are not performing up to their expectations after mere 17 months.

Of course, if you download the game illegally you can play it forever.

When an illegal version of the game is way better than the legitimate copy, you are doing it wrong.

Their reasoning for not using steam is because it’s cracked, or has been in the past. I can’t remember the name, but there is a pirate-steam where you can download games for free too.

But they ae ignoring the issue. You can’t beat piracy, so instead provide incentives to buying the games. The Steam community is a great example, it’s too bad that publishers burden steam with overpricing except during sales.

I refused to play Half Life 2 because of Steam – I hate any DRM. And “achievements” aren’t something I need or want in a game. I wrote a “demotivator” that essentially said “Achievements. When you don’t have any self-esteem in real life, you’ll take it where ever the fuck you can get it.” That’s essentially what I think about achievements – followed closely by the blight that is multi-player. Nah. I think I am almost done with gaming. Hate console gaming (seriously…try playing against me in a FPS death match – you use a console control and I use a mouse/keyboard. You won’t stand a chance. Consoles suck for gaming), and PC gaming is too fucked up to be enjoyable anymore. The upside is, once I finish with PC gaming, I can flip over completely to Linux and say buh-bye to Micro$oft.

I don’t use Steam because of their “no reselling”/”I can take back all your games if I want to” policy, and their outrageous prices : buying from them is almost twice as expensive as importing a physical copy from the UK. Factoring the reselling I usually do but couldn’t using their service, it’d be almost 90% more expensive. No thanks.

How can someone agree to let a company lock them up with their purchase, with the added bonus of the possible loss of everything without compensation or appeal, and with higher or at best similar prices, is beyond me. Steam’s “sales” are basically what you’d find if second-hand was allowed, except the prices would actually reflect the quality/scarcity of the games instead of the whims of a marketing department.

Remember not so far back, online activation seemed ridiculous. But thanks to a few popular titles (like, say, HL2), it took root, got accepted and now every game has it. Let’s just hope this time it will not play out like this.

I agree with all your points. I too don’t care about achievements. I only marginally care about multilayer (I tend to amuse myself with L4D2 versus when I’m between single player games lately). I wish Steam was never created. But I am willing to tolerate it because:

1. It allows me to play my single player games offline

2. It doesn’t care when I have the game installed on one or 15 computers. It won’t take my games away when I buy a new computer.

3. It is a huge distribution platform for many, many games. This means that there is a decent chance that 10 years from now it may still be around (operative word is may), and I will still be able to re-download my copy of Portal from it. I doubt that anyone will be able to play AC2 legally in 10 years.

4. It is basically upfront about how it works. If Steam goes down one day, there will be no more HL2, no more TF2 and no more L4D2. I have no illusions that my game purchases are anything but an extended lease.

5. Valve actually goes out of it’s way to make Steam into something that users would want to use – be it the achievements, the social aspects, the store, etc… They try to make it fun and painless. It is still a pain in the ass, but they do get credit for the effort.

Well, reselling is no longer an option for PC games anyway. Everything that is released recently is locked up with DRM with online activation limits and limited number of reinstalls you can use.

Console market is slowly getting there too – game publishers already try to undermine the second hand market with all kinds of exclusive DLC’s. Give it a few years and I suspect that most console games will ship with the final chapter ripped out, and provided as a DLC. If you buy new, your game will come with a one time use unlock code that allows you to access the DLC for free – and it will bind it to your account. If you buy used, seeing the ending of the game will cost you $39.99.

Unless something changes soon, gaming will suck more and more for all of us.

I really haven’t thinked steam as DRM. Yes it is DRM, but it makes everything just so easy. I can download my games whenever I want, steam cloud support is awesome and the community/friends system is good. And the achievements!

I think more publishers should use Steam as the DRM, not try to create their own systems that hurts paying customers.

And what pirates gets? They are not even going to see whole drm! They can do whatever they want with the damn game…

@ Luke Maciak: it’s still possible to sell PC games second-hand, although it got much harder. There has to be more trust between buyer and seller. Lately I’ve been using closed communities (gaming forums and such) instead of open sites like Ebay, and it works quite well. Prices aren’t very high but it’s better than having a box collecting dust.

@ faemir: Or are they ? Let’s compare their current special offers with the retail prices.

Steam’s sales are actually close to new copy retail prices. Don’t trust their struck price tags, they’re only true for Steam. If there were a second-hand possibility for these games, I doubt they would be selling for more than retail. I’ll admit there are sometimes marketing operations run on Steam in which good and recent games have their prices drop for a while, but that remains an exception.

@ faemir: Fair enough, I didn’t known they had proper sales apart from their usual special offers. Other shops also have those but your point about availability rings especially true as with Steam, as there’s an endless supply of games to be sold.

Still, you mention TF2 for £2, but the whole orange box can be found for 10€ on Xbox 360 second-hand. It true it looks really cheap, but it doesn’t seem too far off what its second-hand price would be.

Yeah, and the orange box on pc is only £16 brand new, which is probably the best value game pack ever :P

But no, you should look at some of the big sales they have, I don’t have 100+ steam games because I buy overpriced digital only crap, it’s because they do /insane/ super sales. I bought 5 or 6 games for £1.68 each, and many more for £2-5, a few for £10 etc.

And then there is Stalker: Call of Pripyat, which only just came out, and if you had bought either of the previous two, got you the CoP for just £15, which for a brand new retail game is pretty damn good.

I think the end game is really, just pick and choose to get the good stuff and avoid the ripoffs – just like in brick and mortar stores. You just need to be extra careful with steam, but the rewards from the super sales is definitely worth the effort (note my 100+ games)

Problem is that we can yell all the fuck we want about this kind of protection. The average user is just going to get pissed and mutter something about ‘my computer is broken’.

I saw it happening with the Games for Windows Live crap integrated in Fallout 3. People having issues with it (be it lag, not being able to move DLC’s, …) just thought it was “their computer acting up”, or Windows Vista being a pain in the ass. Not GFWL acting like a total dick.

In the end, practically none of the users hear the bad stuff about initiatives like this. Thus bad stuff doesn’t labelled as such and it continues to be deemed ‘ok’ to use..

“You have probably seen rumors on the web that Assassin’s Creed II and Silent Hunter 5 have been cracked. Please know that this rumor is false and while a pirated version may seem to be complete at start up, any gamer who downloads and plays a cracked version will find that their version is not complete,” Ubisoft quickly responded.

While many downloaders report that the game works just fine, Ubisoft’s statement does hold some truth because in their view the game is obviously ‘not complete’ without the DRM. At this point it is not entirely clear what else could be “missing” in the cracked version, but that is beside the point.

XD Awesome post,why didnt i find this sooner ^^ .
Hehe and ia gree with each and everyone of you guys,also we cant compare Noobisoft’s DRM with Steam,as steam arranged it alot better.
True that Steam’s prices are way off the charts,but yeah,take in fact that that if u buy the game,you pay 30$ game + 15$ Material(cd’s,manuals etc),but in steam they assure that you can download the game at full speeds(Well,more or less)whenever you want to without any restricions.

And yeah i agree with poster’s “8 situations you cant play AC 2” , but there is even one more basic situation : What if you DONT have a i-net connection?

I mean not everyone in this damn world with a computer has a i-net connection,for exemple,some students who’s parents dont want to give em i-net cause its bad for the studies (or so they think),but they do buy them games sometimes,what about them?
I mean ,by the looks of it instead of paying 50$ for a game,you pay those 50$ + I-net charges + Bad quality for servers go down,and a possible wipe of saved games etc + AC2 isnt THAT good ,to make it worth all the darn fuss you have to suffer for it.

Your email address will not be published. Required fields are marked *

Comment

Name *

Email *

Website

Currently you have JavaScript disabled. In order to post comments, please make sure JavaScript and Cookies are enabled, and reload the page.Click here for instructions on how to enable JavaScript in your browser.